debian · CVE-2012-4399

Quick triage

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-4399 unimportant priority: Debian including 1 source packages (cakephp), 1 status rows across 1 suites (bullseye): resolved 1.

Description:

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.